Key generators for cryptographic devices

ABSTRACT

In a digital key generator, comprising a network of counters triggered by a clock, and feeding a logical circuit having a plurality of outputs supplying the digits of a quasi-random member, at least some of those outputs respectively feed corresponding shift-register converters whose outputs are substituted for the corresponding outputs of the logical circuit, in order to improve the quasi-random nature of the number delivered by the logical circuit.

United States Patent Vasseur 5] Oct. 24, 1972 [54] KEY GENERATORS FORCRYPTOGRAPHIC DEVICES [72] Inventor:

[73] Assignee: CSF-Compagnie Telegraphie sans Fil 22 Filed: Sept. 18,1967 211 Appl.No.: 668,447

Jean-Pierre Vasseur, Paris, France Generale de [52] US. Cl ..178/22,331/78 [51] Int. Cl. ..H04l 9/04 [58] Field of Search ..178/22; 35/2;331/78 [56] References Cited UNITED STATES PATENTS 3,515,805 6/1970Fracassi et al. ..l78/22 at h ab 14 Lam $74655 LOG/04L C/RC'l/lr PrimaryExaminer-Benjamin A. Borchelt Assistant Examiner-11. A. BirmielAttorney-Cushman, Darby & Cushman ABSTRACT 5 Claims, 5 Drawing Figuresemu-rm sues l PATENTED 0U 24 I97? 3. 700.806

SHEET 3 BF 3 PERMUTATOE PERHUrATOR 105 107, 108,109:DECODlNG'PEPHUTAT/NG- coo CIRCUITS KEY GENERATORS FOR CRYPTOGRAPI-IICDEVICES The present invention relates to key generators forcryptographic links, wherein the transmission intelligence is effectedin the following way:

Each intelligence element, a latter for example, is first coded into anumber I; for each of those intelligence elements, a device, known as akey generator, supplies a key C, i.e., another number, building up aone-element key, or a sequence of several numbers, each of which is anelement of the key; a ciphering apparatus supplies an encipheredintelligence element I which is a function of C and I, such that I maybe recovered from C and I. To this end, at the receiver, a keygenerator, identical to that of the transmitter, and synchronizedtherewith, supplies the key C when the ciphered intelligence element Iis received.

From this mode of operation results that the two identical keygenerators, starting from the same state, will supply the same sequenceof keys, strictly determined by their identical structure;further, thissequence will necessarily have a given period, i.e., will repeat itselfafter a predetermined number of keys.

However, the secrecy requirements imply that each key should appear asunexpected as possible, which is expressed by saying that the key mustbe of a quasirandom nature. This involves various desired conditions,such as a very long period, within which the various numbers which canbuild up the key or each of the key elements appear about the samenumbers of times (equiprobability of the keys).

Very complex key generators have been proposed to this end, inparticular, key generators are known wherein a number, already of aquasi-random nature and which will be referred to here as a primarynumber, is first elaborated; the primary number is thereafter againhandled so as to increase its quasirandom character, the transformednumber thus obtained, which will be referred to as a secondary number,either building up the ultimate key C or anelement thereof, or beingagain handled with a view towards elaborating the key.

In the same way, it will be noted that the primary number," asunderstood here, may itself result from the handling of one or moreprevious quasi-random numbers, and is necessarily primary only withrespect to the corresponding secondary number.

The primary number also has a periodic character, the period of thecorresponding secondary number of being generally much longer.

The present invention concerns more particularly key generators of thefollowing type: they comprise a clock; a stage of counters controlled bythe clock, at least some of the outputs of those counters beingconnected to the inputs of a logical circuit, which, generally, does notinclude any memory device; the outputs of the logical circuitrespectively supply the 11 digits of a quasi-random number, which is aprimary number as understood here.

The applicant has previously proposed to have this logical circuitfollowed by another circuit, comprising auxiliary counters, the outputsof which supply a corresponding secondary number.

The present invention provides for a higher improvement of thequasi-random character of a primary number, expressed in a system whosebase is b, b being a positive integer higher than I, through the use ofshift registers, and more precisely, of shaft register arrangements ofthe type, comprising: a shift register, each stage of which has b stablestates; a modulo b adder, which will be referred to as the input adder,whose first input builds up the input of the arrangement, and whoseoutput in connected to the input of the shift register, and a network ofmodulo b adders and/or other logical operators, inserted in series withthe stages of the register, and/or coupled in parallel with thesestages, the output of this network being coupled to the second input ofthe input adder. The output of the arrangement may be placed at variouspoints thereof, and in particular at the output of the input adder.

A shift register arrangement of the hereinabove described type will behereinafter, and in the claims, referred to as a modulo b shift registerconverter.

According to the invention, there is provided a key generator forsupplying a key to the enciphering apparatus of a cryptographic link,said key generator comprising: a clock; a network of counters; saidcounters having outputs and being controlled by said clock; a logicalcircuit having inputs coupled to a least some of the outputs of saidcounters, and n outputs, referred to as the primary outputs, forrespectfully supplying the n digits of a quasi-random number, expressedin a system whose base is b; and an output circuit having outputsdesigned to be coupled to said enciphering apparatus, said outputcircuit comprising at least a converting circuit having p outputs,referred to as the secondary outputs, for converting said quasi-randomnumber into another quasi-random number of p digits expressed in saidsystem of base b, said p digits being respectively supplied by said psecondary outputs; n, b and p being positive integers, and b beinggreater than 1; wherein said converting circuit comprises q modulo bshift register converters, q being a positive integer not greater thann, said q shift registers converters having respective inputsrespectively coupled to q of said n primary outputs, and each of saidconverters having an output building up one of said p secondary outputs.

The invention will be best understood, and other characteristics thereofwill appear, from the following description and appended drawing,wherein:

FIG. 1 is the block circuit of one embodiment of a key generatoraccording to the invention; and

FIGS. 2, 3, and 4 are various embodiments of the shift registerconverters of the circuit of FIG. 1.

FIG. 5 shows a detailed embodiment of the counters and logical circuitstages of the block circuit of FIG. 1.

In the Figures, the same reference numbers are used to designate thesame elements.

The invention will be described, in a non-limitative way, in the case ofa key generator operating in a parallel binary code.

In FIG. 1, a clock 2 has an output connected to a circuit 1 comprising aplurality of counters, whose maximal counts differ between them, thesecounters being controlled by the signals supplied by clock 2 for eachstep thereof. The N outputs of circuit 1 are respectively connected tothe N inputs of a logical circuit 3, comprising elements such asdecoders, permutators, coders and gate, this logical circuit having noutputs 7.

w ll

For each step of the clock, N binary digits appear respectively on the Noutputs of circuit 1, and as a consequence n binary digits also appearon the n outputs 7 respectively; these n binary digits, each of whichhas a quasi-random character, build up a quasi-random binary number,which is the primary number considered here, the n outputs 7 being theprimary outputs.

The assembly built up by the circuits 1 and 3 may for example comprisethe parts I to 4 and 10 to 33 of the circuit shown in FIG. 2 of US. Pat.No. 3,250,855, the primary outputs being the outputs of the gates 19 to21, 23 to 25, 29 to 31 and 31 to 33 of this figure; or else may be asillustrated in FIG. 1 of the French Addition Patent No. 79,634 theprimary terminals being then the outputs of the circuit of this lastmentioned figure.

FIG. corresponds to the latter example. Block 1 of FIG. 1 is formed bythree binary counters 102 to 104, having inputs feed in parallel by anoutput of clock 2, and the respective maximum counts of which are 61, 59and 31. A circuit 105, which is a decoding-permutating-coding circuits,i.e. includes a decoder followed by a permutator itself followed by acoder, the latter coding again in a binary system the permutated decodedsignal delivered by the permutator, has four inputs, three of which arerespectively connected to one output of each of the counters. Twofurther outputs of counters 102, and a further output of each one of thecounters 103 and 104 are unconnected. The remaining outputs of the threecounters are connected to inputs of a permutator 106 having 16 inputsand 16 outputs, the other 6 inputs of the permutator being connected to6 outputs thereof by respective feedback loops, this sextuple connectionbeing shown in the drawing by a single loop with an arrow. Two of theother 10 outputs of permutator 106, are unconnected, one feeds thefourth input of circuit 105.

The logical circuit comprises three further decodingpermutating-codingcircuits 7, 8 and 9, each having four inputs which are fed as follows:

As concerns circuits 109 and 108, two of their inputs are fed by twooutputs of permutator 106, one by an output of circuit 105, and one byan output of circuit 107, the other two outputs of which areunconnected.

Three of the inputs of circuit 107 are fed by permutator 106, and one bycircuit 105, the last output of which is unconnected.

Finally, a permutator 110 with 16 inputs and 16 outputs has eight of itsoutputs connected to eight of its inputs by respective feedback loops,this being again shown by a single loop with an arrow, the remainingeight inputs being connected to the four outputs of circuit 108 and tothe four outputs of circuit 109, while the remaining eight outputs ofpermutator 110 are the outputs of the logical circuit 3 of FIG. 1.

The permutators of the circuit are adjustable permutators whose internalconnections determining a oneto-one correspondency between the inputsand the outputs thereof may thus be changed from time to time, accordingto a given program.

In this preferred embodiment of the invention, each output of circuit 3is connected to the signal input of a modulo 2 shift register converter4, having an advance input 6 connected to clock 2, and an outputbuilding up one secondary output, and also one of the outputs of the keygenerator.

The output signals of the circuit 3 are applied to the inputs of theconverters 4, and cause other signals, which depend in a quasi-randomway on the corresponding digits of the primary number, to be displayedon the outputs of the converters.

FIG. 2 shows an embodiment of the converters 4 of FIG. 1.

The converter 4 comprises a conventional shift register, having a numberof stages 10, each of which has its output connected to the input of thefollowing one. Each stage 10 has two stable states.

Modulo 2 adders, 11, are connected to give the sum S of the signalsstored by a predetermined group of the stages of the register. To thisend, the first one of those adders 11 receives the signals of the lasttwo stages of this group, and each of the other adders 1 1 receives theoutput signal of the preceding adder and the signal stored by thepreceding stage of the group, the output of the last adder 11 beingconnected to the second input 12 of another modulo 2 adder, 14, whoseoutput is connected to the input of the first stage of the register. Thefirst input of the input adder 14, which is the input of the converter,is connected to the corresponding output 7 of circuit 3. The output ofthe adder 14 is also connected to the output 5 building up the output ofthe converter.

In this Figure, the conventional connections between the various stagesof the register and the advance input 6 thereof (FIG. 1) have not beenshown.

The operation of the converter is as follows:

a. Assuming that the system includes only the stages 10 of the register,it is known that a digit appearing at the input thereof is stored by theinput stage of the register, erasing that which it contained previously.The latter is forwarded to the next stage, and so on. Thus a digitsuccessively goes through all the stages of the register, under thecontrol of the advance pulses supplied by the clock 2 (FIG. 1);

b. Assuming the converter to operate in the autonomous way, i.e., incooperation with adders 1 1 and 14, but terminal 7 constantly receivinga zero signal, it is known that the period of the register, starting ofcourse from an initial state other than 0 in each stage of the register,can, through an adequate choice of the network of adders 11 for formingthe sum modulo 2, S, reach the maximal value 2"1 where K is the numberof stages in the register. Preferably, this network will be designed inthis way. (To this end, the tables of appendix C of the work of W.Wesley Peterson, Error-Correcting codes, John Wiley and Sons may beused.)

c. But actually, the register will operate in a much more complicatedway, due to the fact that a quasirandom digit is applied to the firstinput 7 of adder 4 before the apparition of each advance clock pulse.

It is thus seen that the output digit of the converter is an intricatefunction of the digit applied to input 7 of the converter, and of thedigits previously applied thereto.

A remarkable advantage of the use of such converters in the keygenerator according to the invention will appear from a comparisonbetween the conversions respectively effected on the one hand by aconverter having the period P 2"-l (when it operates in an autonomousway) and a counter, having the same period P.

In both cases, e, will designate here, in a general way, the 1''" binarydigit applied to the input of the converter or of the counter, and s,the i"' output signal supplied by either, it being understood that, asconcerns the counter, s, will be a k digit number such that 2" P.

In the case of the counter, the r'" output signal s,, will obviouslyalways result, whatever r, from the law i=r s,=2 e modulo P But, asconcerns the converter, experience indicates, and theoreticalconsiderations confirm, that P successive output signals, s, to S +p areformed according to P different laws as a function of the correspondinginput signals (considered starting from the first one) and the precedinginput signals.

This fact is of course of great advantage as concerns the secrecyrequirements.

It should be noted that an advantage of this kind would not obtain if ashift register with a feedback circuit, but operating in the autonomousway (in other words an apparatus such as shown in FIG. 2, but whereinthe input 12 would be directly connected to the input of the shiftregister) were used to generate a quasi-random sequence with the periodP directly.

Of course, the output digit may be picked up not only at the input ofthe first stage of the register, as shown in FIG. 2, but also at theinput or output of any stage thereof.

Further, the key generator being provided with a plurality of converters4, the laws according to which the output digits of each converter areformed depend upon the length of the register and the correspondingnetwork of adders. Thus a different design may be advantageously chosenfor each converter, which will make each secondary number a veryintricate function of the corresponding primary number and of thepreceding ones.

FIG. 3 shows another embodiment of the converter 4, wherein an adder 15is serially inserted between two stages of the shift register.

FIG. 4 shows a third embodiment of the converter, wherein the outputs ofeach stage are connected to a device 16, which effects on its inputssignals a predetermined logical operation, supplying the signal S, whichis added in 14 to the signal displayed on terminal 7.

It can be shown that, in this case, it is possible to devise a converterwith any period up to 2" (cf Counting with non-lineary binary feedbackregisters,l.E.E. Transaction on Electronic Computers, Aug. 12, 1963, p.357).

Of course the invention is not limited to the embodiments described andshown.

In this respect is should be noted, in particular, that it may beapplied to a key generator wherein the primary and secondaryquasi-random numbers are generated serially, in which case a singleconverter is required.

0n the other hand, the invention also applies if the base b of thesystem, in which this primary and secondary quasi-random numbers areexpressed, is greater than 2. The converters should then be modulo bconverters, which involves that each stage of the registers has b stablestates, and that the adders or other lo 'cal operators of the convertersare modulo b opera ors.

However, for technological reasons, it is generally preferred to use abinary code.

Lastly it should be understood that the terms input or output used herefor an input or output receiving or supplying a digit, of course alludeto an input or an output comprising the single or several wires used toexpress this digit. It is known for example that an input for receivinga binary digit may be built up either by a single wire or by two wireswith corresponding energization codes.

What is claimed is:

1. A key generator for supplying a key to the enciphering apparatus of acryptographic link, said key generator comprising: a clock; a network ofcounters, said counters having outputs and being controlled by saidclock; a logical circuit having inputs coupled to a least some of theoutputs of said counters, and n outputs, referred to as the primaryoutputs, for respectfully supplying the n digits of a quasi-randomnumber, expressed in a system whose base is b, and an output circuithaving outputs designed to be coupled to said enciphering apparatus,said output circuit comprising at least a converting circuit having poutputs, referred to as the secondary outputs, for converting saidquasi-random number into another quasi-random number of p digitsexpressed in said system of base b, and p digits being respectivelysupplied by said p secondary outputs; n, b, and p being positiveintegers, and b being greater than one; wherein said converting circuitcom prises q modulo b shift register converters, q being a positiveinteger not greater than n, said q shift registers converters havingrespective inputs respectively coupled to q of said n primary outputs,and each of said converters having an output building up one of said psecondary outputs.

2. A key generator as claimed in claim 1, wherein b 3. A key generatoras claimed in claim 1, wherein q 4. A key generator as claimed in claim1, wherein said q converters have different structures.

5. A key generator as claimed in claim 2, wherein the period P of eachof said converters is equal to P 2"l K being the number of the stagesthereof.

1. A key generator for supplying a key to the enciphering apparatus of acryptographic link, said key generator comprising: a clock; a network ofcounters, said counters having outputs and being controlled by saidclock; a logical circuit having inputs coupled to a least some of theoutputs of said counters, and n outputs, referred to as the primaryoutputs, for respectfully supplying the n digits of a quasi-randomnumber, expressed in a system whose base is b, and an output circuithaving outputs designed to be coupled to said enciphering apparatus,said output circuit comprising at least a converting circuit having poutputs, referred to as the secondary outputs, for converting saidquasi-random number into another quasi-random number of p digitsexpressed in said system of base b, and p digits being respectivelysupplied by said p secondary outputs; n, b, and p being positiveintegers, and b being greater than one; wherein said converting circuitcomprises q modulo b shift register converters, q being a positiveinteger not greater than n, said q shift registers converters havingrespective inputs respectively coupled to q of said n primary outputs,and each of said converters having an output building up one of said psecondary outputs.
 2. A key generator as claimed in claim 1, wherein b2.
 3. A key generator as claimed in claim 1, wherein q n p.
 4. A keygenerator as claimed in claim 1, wherein said q Converters havedifferent structures.
 5. A key generator as claimed in claim 2, whereinthe period P of each of said converters is equal to P 2K-1, K being thenumber of the stages thereof.